Vulnerabilities and security researches for loginizer

Jan 20, 2025

PSC, Research URL: PSC-2024-64548
Home page URL: Security reports for Loginizer
Application: Loginizer
Date: -
Research Description: Loginizer is a powerful solution for protecting WordPress websites against brute force attacks and other security threats. Actively used on more than 1 million websites, Loginizer offers a wide range of features to enhance login security and safeguard the admin panel and user accounts.
Affected versions: Min -, max -.
Status: SAFE & CERTIFIED

CVE, Research URL: CVE-2024-10097
Home page URL: Security reports for Loginizer
Application: Loginizer
Date: Nov 05, 2024
Research Description: The Loginizer Security and Loginizer plugins for WordPress are vulnerable to authentication bypass in all versions up to, and including, 1.9.2. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2020-27615
Home page URL: Security reports for Loginizer
Application: Loginizer
Date: Oct 22, 2020
Research Description: The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2018-11366
Home page URL: Security reports for Loginizer
Application: Loginizer
Date: May 22, 2018
Research Description: init.php in the Loginizer plugin 1.3.8 through 1.3.9 for WordPress has Unauthenticated Stored Cross-Site Scripting (XSS) because logging is mishandled. This is fixed in 1.4.0.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-45084
Home page URL: Security reports for Loginizer
Application: Loginizer
Date: Apr 24, 2023
Research Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Softaculous Loginizer plugin <= 1.7.5 versions.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2017-12650
Home page URL: Security reports for Loginizer
Application: Loginizer
Date: Aug 07, 2017
Research Description: SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2017-12651
Home page URL: Security reports for Loginizer
Application: Loginizer
Date: Aug 07, 2017
Research Description: Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-2296
Home page URL: Security reports for Loginizer
Application: Loginizer
Date: May 30, 2023
Research Description: The Loginizer WordPress plugin before 1.7.9 does not escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-45079
Home page URL: Security reports for Loginizer
Application: Loginizer
Date: May 22, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Loginizer plugin <= 1.7.5 versions.
Affected versions: Min -, max -.
Status: vulnerable